Can't dig +trace?
Anand Buddhdev
anandb at ripe.net
Tue Jul 28 13:35:32 UTC 2015
On 28/07/15 15:17, Jaap Akkerhuis via Unbound-users wrote:

> > However if I hit Google's lookup servers with the same command from the
> > same client machine, I get the expected response...
>
> The +trace option causes dig not to use the local resolver. From the
> dig manual:

Not quite. If you use the +trace option, dig makes *one* query to its
local resolver(s) to get a list of root name servers. Thereafter, it
makes its own iterative queries. However, that initial query has RD=0,
and unbound won't answer. Anonymous fongaboo will have to specifically
allow cache snooping in unbound for this.

This is a weird design choice in dig. It shouldn't rely on any resolvers
for the initial query. It should just use a built-in list of root name
servers, and prime itself, just like BIND does.

Regards,
Anand
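
The RD=0 behaviour described in the message above, as an added example that is not part of the original post: it builds the root NS query with and without the Recursion Desired bit and classifies a resolver's reply from the header alone. The replies are constructed samples (header plus echoed question, no records), and the REFUSED rcode for the non-recursive case is an assumption based on unbound's documented handling of non-recursive queries.

```python
import struct

QTYPE_NS, CLASS_IN, RCODE_REFUSED = 2, 1, 5

def encode_name(name):
    """Encode a domain name in DNS wire format; "." is the root (one zero byte)."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype, rd, txid=0x1234):
    """Build a one-question query; rd selects the Recursion Desired bit."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!2H", qtype, CLASS_IN)

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields relevant here."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": flags >> 15, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "rcode": flags & 0xF}

def constructed_reply(query, rcode):
    """Constructed sample reply: QR=1, RD copied from the query, RA=1."""
    q = parse_header(query)
    flags = 0x8000 | (q["rd"] << 8) | 0x0080 | rcode
    return struct.pack("!6H", q["id"], flags, 1, 0, 0, 0) + query[12:]

def classify(query, reply):
    """Explain a reply in terms of the RD bit that was sent."""
    q, r = parse_header(query), parse_header(reply)
    if not r["qr"] or r["id"] != q["id"]:
        return "mismatch"
    if r["rcode"] == RCODE_REFUSED:
        return "refused-nonrecursive" if q["rd"] == 0 else "refused"
    return "answered" if r["rcode"] == 0 else "error"

# The initial query dig +trace sends to the local resolver: ". NS" with RD=0.
TRACE_QUERY = build_query(".", QTYPE_NS, rd=False)
# The same question as an ordinary stub query with RD=1.
STUB_QUERY = build_query(".", QTYPE_NS, rd=True)

if __name__ == "__main__":
    print(classify(TRACE_QUERY, constructed_reply(TRACE_QUERY, RCODE_REFUSED)))
    print(classify(STUB_QUERY, constructed_reply(STUB_QUERY, 0)))
```

On the unbound side, non-recursive access is granted per netblock with `access-control: <netblock> allow_snoop`; scoping it to the loopback or an admin netblock keeps the cache from being readable by ordinary clients.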